What is it about?

ModbusTCP is one of the most widely used protocols in critical infrastructure for monitoring hazardous processes, especially in the oil and gas industry. It is also a very insecure protocol: it has no authentication and sends messages in clear text. We were able to showcase a novel field flooding attack on this protocol by injecting a malicious packet into the communication stream, altering the Modbus packet structure. This results in a denial of service that could be designed to last for as long as required during the attack.
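Because the protocol offers no authentication, a monitoring point can at least check that each frame on the wire still has a well-formed structure. The sketch below is an added example, not code from the poster: it validates the MBAP header and the fixed request sizes defined in the Modbus specification, and it assumes one complete request frame per buffer. The function name and sample frames are constructed for illustration, and the poster's exact malformed packet is not described on this page.

```python
import struct

MBAP_LEN = 7      # transaction id (2) + protocol id (2) + length (2) + unit id (1)
MAX_ADU = 260     # largest Modbus TCP frame: 7-byte MBAP header + 253-byte PDU
# Requests for function codes 0x01-0x06 always carry a 5-byte PDU:
# function code (1) + address (2) + quantity or value (2).
FIXED_REQUEST_PDU = {fc: 5 for fc in range(1, 7)}

def check_request(frame: bytes) -> list:
    """Return the structural problems found in one Modbus TCP request frame."""
    if len(frame) < MBAP_LEN + 1:
        return ["truncated: shorter than MBAP header plus function code"]
    problems = []
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:MBAP_LEN])
    if proto != 0:
        problems.append(f"protocol id {proto}, expected 0")
    # The length field counts every byte after itself: unit id + PDU.
    following = len(frame) - 6
    if length != following:
        problems.append(f"length field says {length}, {following} bytes follow")
    if len(frame) > MAX_ADU:
        problems.append(f"frame is {len(frame)} bytes, maximum is {MAX_ADU}")
    pdu = frame[MBAP_LEN:]
    expected = FIXED_REQUEST_PDU.get(pdu[0])
    if expected is not None and len(pdu) != expected:
        problems.append(
            f"function 0x{pdu[0]:02x} request PDU is {len(pdu)} bytes, expected {expected}")
    return problems

# Constructed sample frames (not captured traffic).
READ_REGS = bytes([0x03]) + struct.pack(">HH", 0, 10)   # read 10 holding registers
GOOD = struct.pack(">HHHB", 1, 0, 6, 1) + READ_REGS
PADDED = GOOD + b"\x00" * 40                            # extra bytes after the PDU
BAD_PROTO = struct.pack(">HHHB", 2, 1, 6, 1) + READ_REGS

if __name__ == "__main__":
    for name, frame in [("good", GOOD), ("padded", PADDED), ("bad_proto", BAD_PROTO)]:
        print(name, check_request(frame) or "ok")
```

A frame that fails these checks is a candidate for alerting or dropping at a protocol-aware gateway; a frame that passes is only well-formed, not authenticated.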

Why is it important?

Operators monitor critical processes using ModbusTCP. If this attack is successfully launched, it would prevent them from doing so. An operator monitoring oil production through a pipeline, for example, would be unable to 1) see the pressure rising beyond the maximum threshold; and 2) override the operations using an emergency shutdown command. This could lead to potential pipeline explosions, loss of lives, and damage to the environment.

Perspectives

I hope this poster further highlights how vulnerable industrial control systems are to low-level cyber attacks and generates enough interest for further research on how to better protect this space.

Abubakar Sadiq Mohammed
Cardiff University

Read the Original

This page is a summary of: Wheels on the Modbus - Attacking ModbusTCP Communications, May 2022, ACM (Association for Computing Machinery),
DOI: 10.1145/3507657.3529654.